Cyber Threat Characterization [2018], 15 pages, "English electronic edition"

FALL 2017
ABSTRACT
In this article, we discuss the threat component of the risk to information systems. We review traditional cyber threat models, then present a technical characterization of the cyber threat along ten dimensions. We cross-reference an industry analysis of the Stuxnet threat to illustrate our thinking and conclude with an outline of the threat model application to the development of Cyber Red Books™.
1. INTRODUCTION
In prior work on cyber risk assessment [1], we referred to the National Institute of Standards (NIST) decomposition of risk into its three constituents of vulnerability, threat, and impact [2] as the guiding principle for cyber vulnerability assessment. Focusing primarily on developing a repeatable methodology for vulnerability assessment, answering the “what” question of risk, we introduced a characterization of the threat along ten dimensions, from education and training, to resourcing and access.
In this article, we expand our characterization of the threat along these ten dimensions and seek to answer the “how” question of risk. We draw on the analysis of Stuxnet for clarifying distinctions and supporting arguments.
We start the article by reviewing de facto threat models used across the industry and identifying their limitations, and we conclude by outlining the potential application of the threat model to the development of a Cyber Red Book™ to guide security professionals in prioritizing their investments in vulnerability mitigation and mission assurance.
2. TRADITIONAL THREAT MODELS
The cyber risk to an information system is a function of (1) the likelihood of a potential vulnerability, (2) the possibility of a threat exploiting the vulnerability, and (3) the impact of successful exploitation. The potential vulnerability and the impact
Cyber Threat Characterization
Dr. Kamal T. Jabbour
Dr. Erich Devendorf
This is a work of the U.S. Government and is not subject to copyright protection in the United States. Foreign copyrights may apply.